<% Sub Main ' Examine the 'UcamWebAuthTestingClient' cookie. ' This cookie is used to store the index number of ' the LAST test and the outcome of that test. This ' cookie is only updated when an authentication ' cycle is complete (which could be due to an ' error) so we use the cookie to determine the ' index of the CURRENT test. ' ' NOTE: This cookie is completely separate ' from the 'Authentication cookie' and is ' purely used for testing. ' ' The actual value of the cookie consists of ' three elements delimited by '!': ' ' 'index!status_code!status_message' testing_client_cookie_name = "UcamWebAuthTestingClient" testing_client_cookie_index = 1 If (Request.Cookies(testing_client_cookie_name) <> "") Then testing_client_cookie_value = Request.Cookies(testing_client_cookie_name) testing_client_cookie_array = Split(testing_client_cookie_value, "!") testing_client_cookie_index = CInt(testing_client_cookie_array(0)) testing_client_cookie_index = testing_client_cookie_index + 1 End If ' Create 'Scripting.Dictionary' object ' to hold the arguments we will supply ' to the 'Ucam_Webauth' object. Set args = CreateObject("Scripting.Dictionary") ' Add the different arguments to the 'args' ' associative array as name/value pairs. ' Both name and value must be strings ' so integers must be added as "x", eg. "60". ' 'auth_service' is the WLS authentication server. ' The following line gives the the demo Raven testing server: ' args.Add "auth_service", "https://demo.raven.cam.ac.uk/auth/authenticate.html" ' We're testing with our Dummy Raven WLS server so use that: args.Add "auth_service", "http://www2.careers.cam.ac.uk:11812" ' 'hostname' must be a domain name and perhaps a ' port but nothing more. args.Add "hostname", "localhost:81" ' 'log_file' is the location of the logfile ' which must be read/writable by the webserver. args.Add "log_file", "C:/wamp/www/raven/vbscriptlog.txt" ' 'key_dir' is the directory holding the ' public key certificate. args.Add "key_dir", "C:/wamp/www/raven" ' 'cookie_key' is the key used to generate ' hash values of the authentication cookie. ' Ideally it should be changed on a regular basis ' but not during sessions. args.Add "cookie_key", "Random string" ' We add the current iteration of testing in ' 'testing_client_cookie_index' as a parameter ' to Ucam_Webauth which should then be ' included as a parameter in the authentication ' request to the WLS and the subsequent ' authentication response back from the WLS. args.Add "authrequest_params", CStr(testing_client_cookie_index) ' Create new instance of 'Ucam_Webauth' ' and supply arguments. ' We do not need to include 'Request' and 'Response' ' variables (as in C# version), in order to get/set ' cookies and server variables and perform redirects ' as these variables are globally accessible to ASP class. Set oUcam_Webauth = New Ucam_Webauth Call oUcam_Webauth(args) ' For the purposes of testing, we provide ' a 'Logout' link that removes the local ' authentication cookie and then displays ' a link to easily logout the Raven WLS. ' So we check to see if this 'Action=Logout' ' link has been called and logout/display ' link accordingly. If (Request.ServerVariables("QUERY_STRING") = "Action=Logout") Then oUcam_Webauth.ResetState() Response.Write("Logged out of Raven (local)
") Response.Write("Logout Raven (remote)
" & _ "Access Raven authenticated page") Exit Sub End If ' When you first access this page ' the 'Authenticate' function will be called. ' This will typically be called three times ' in total to successfully authenticate the ' user. In the first two iterations of ' 'Authenticate', it will return ' 'AUTHENTICATE_INCOMPLETE' while it ' redirects the user's browser first to ' the Raven WLS and then back to this page. ' On the third iteration of 'Authenticate', it ' will return 'AUTHENTICATE_COMPLETE_AUTHENTICATED' ' or 'AUTHENTICATE_COMPLETE_NOT_AUTHENTICATED' ' if the authentication process has fully ' completed without error. Select Case oUcam_Webauth.Authenticate() Case oUcam_Webauth.AUTHENTICATE_INCOMPLETE ' 'Authenticate' still redirecting pages ' so don't do anything else. Exit Sub Case oUcam_Webauth.AUTHENTICATE_COMPLETE_AUTHENTICATED ' Success so display the 'principal', ie. the user id. Response.Write("SUCCESS. You are " & oUcam_Webauth.principal() & "
") ' Also display the 'ptags' parameter indicating ' whether the user is 'current' or not. Response.Write("Ptags = " & oUcam_Webauth.ptags() & "
") ' Display any 'GET variables' to check they ' have carried through from the original ' page request. For Each item In Request.QueryString() Response.Write item & "=" & Request.QueryString()(item) & "
" Next ' Display a 'Logout' link to make it easy to ' test authentication repeatedly. Response.Write("Logout Raven (local)") Case Else ' Either there was an error or a failed ' authentication so print out the result either way. Response.Write("FAIL - " & oUcam_Webauth.status() & ": " & oUcam_Webauth.msg()) ' Also log the error for debugging purposes. oUcam_Webauth.write_log("FAIL - " & oUcam_Webauth.status() & ": " & oUcam_Webauth.msg()) End Select ' We use a 'UcamWebAuthTestingClient' cookie ' to store the return 'status' of the most recent ' authentication attempt. The Dummy WLS server ' looks at the value of this cookie, compares ' it with its most recent attempt to generate a ' particular status and logs the results. ' Ideally the status/error the Dummy WLS server ' tried to generate should match the status/error ' recorded here. ' ' NOTE: The Dummy WLS server only performs the ' comparison of 'actual' and 'expected' when ' it receives a subsequent authentication request. ' ie. when testing is terminated, the final ' authentication attempt comparison may be lost. ' Store number of testing iteration, return status and status msg. ' To make it a session cookie, we don't specify 'Expires'. Response.Cookies("UcamWebAuthTestingClient") = CStr(testing_client_cookie_index) & "!" & oUcam_Webauth.status() & "!" & oUcam_Webauth.msg() ' We intend to perform another authentication attempt ' so reset the state of Ucam_Webauth, ie. remove ' the authentication cookie. oUcam_Webauth.ResetState() End Sub Call Main %>